Abstract

By operations on models we show how to relate completeness with respect to permissive-nominal models to completeness with respect to nominal models with finite support. Models with finite support are a special case of permissive-nominal models, so the construction hinges on generating from an instance of the latter, some instance of the former in which sufficiently many inequalities are preserved between elements. We do this using an infinite generalisation of nominal atoms-abstraction.

The results are of interest in their own right, but also, we factor the mathematics so as to maximise the chances that it could be used off-the-shelf for other nominal reasoning systems too. Models with infinite support can be easier to work with, so it is useful to have a semi-automatic theorem to transfer results from classes of infinitely-supported nominal models to the more restricted class of models with finite support.

In conclusion, we consider different permissive-nominal syntaxes and nominal models and discuss how they relate to the results proved here.

1. Introduction

Nominal techniques are an approach to variables in syntax and semantics which give variables denotational reality as names. The semantics underlying nominal techniques are nominal sets [GP01], which identify variable symbols with names or (for set theorists) urelemente. We may call names/urelemente atoms and we write the set of all atoms as $\mathbb{A}$.

According to nominal techniques, syntax and semantics both 'contain' atoms, in a sense made formal by a notion of support (see Definition 2.7).

The original applications of nominal sets and nominal terms [GP01, UPG04] admitted only finite support (the interested reader can find more applications listed on [Mul10]).

Permissive-nominal terms and models generalise this by allowing infinite support 
(based on a set of finitely representable but still infinite supporting sets called permission 
sets). Precise definitions will come later. For the benefit of the reader already familiar 
with nominal techniques we give a simple schematic for how this fits together: 

nominal sets O nominal terms 

c c 

permissive-nominal sets O permissive-nominal terms 

Both models and syntax seem better-behaved in the permissive case: we avoid the conditional reasoning typical of more traditional finitely-supported nominal techniques.¹ This makes it possible to unify the semantic and syntactic notions of $\alpha$-equivalence and freshness, to 'just quotient' terms by $\alpha$-equivalence, and to cleanly add universal quantification. Some complex mathematical proofs become dramatically simpler. Precise examples are cited in the Conclusions of this paper.

So permissive-nominal techniques are arguably nicer to work with, but 'ordinary' 
nominal techniques are arguably more elementary (no infinities to confuse the reader) — 
and they are sufficient for many applications. 

We indicate subset inclusions in the schematic above because models with finite 
support are special cases of models with infinite support, and it has been shown by ar- 
guments on syntax how to map from 'ordinary' nominal syntax to permissive-nominal 
syntax [DGM10, Section 4]. 

But what about the other way around? 

In this paper, we explore models with differently-sized sets of atoms, give construc- 
tions to move from 'larger' to 'smaller' support, and test when these size transforma- 
tions can and cannot be internally detected by the logics concerned. The main two 
results are Theorems 6.8 and 7.15 — these follow from two technical results, Theorem 5.2 
and Lemma 5.4. 

Because our arguments are based on models, it is fairly easy to apply them to different syntaxes. In this paper we use the two examples studied in previous work by the author and others: nominal algebra [GM09] (an equality reasoning system whose term language is nominal terms) and permissive-nominal logic (ditto, for first-order logic) [DG11]. See also a recent survey paper, which covers both of these in a uniform presentation [Gab12].

Structure of the paper 

• In Section 2 we briefly introduce permissive-nominal sets, with examples. These 
will be our semantic universe in this paper; nominal sets from [GP01] are a special 
case. 

• In Section 3 we introduce permissive-nominal terms: signatures, terms, $\alpha$-equivalence, and their interpretation in permissive-nominal sets. The critical definition is Definition 3.13, which maps from syntax to semantics.



¹ For instance, 'nominal algebra' uses equations conditional on freshness constraints saying that 'a is fresh for X' [GM09], whereas 'permissive-nominal algebra' uses just equations [Gab12].

• Section 4 shows how to reduce the size of the support of an interpretation with 'large' support, to obtain an interpretation with 'smaller' support. This requires some interesting technical constructions. Notably, we consider atoms-abstraction by a list of atoms $[l]x$ (Definition 4.3), and a permutative notion of restricting a permutation $\pi/S$ (Definition 4.11).

• In Section 5 are three technical commutation results: the common theme is that reducing the size of the support of an interpretation commutes with the structure of that interpretation.

• Section 6 proves our first main theorem, that permissive-nominal algebra is com- 
plete over finitely-supported interpretations (Theorem 6.8). 

• Section 7 introduces a novel notion of 'medium support' (Definition 7.4) and proves 
our second main theorem, that permissive-nominal logic over interpretations with 
medium support has the same validity as over interpretations with finite support 
(Theorem 7.15). We discuss what this means in Subsection 7.4. 

• Section 8 discusses how the precise design of permission sets and permutations 
affects the proofs of this paper. We find that the results are delicate: even quite 
small changes can break the proofs (Propositions 8.2 and 8.5). 

• We conclude with a technical discussion of our results, related work, and future 
work. 

2. Permissive-nominal sets 

We start with the basic definitions of permission sets, permissive-nominal sets, and 
then we give some examples. 

2.1. Atoms, permutations, permission sets 

Definition 2.1. Write $\mathbb{N} = \{0, 1, 2, 3, \ldots\}$ for the natural numbers, and $\mathbb{Z} = \{0, -1, 1, -2, 2, \ldots\}$ for the integers.

Definition 2.2. For each $i \in \mathbb{N}$ fix a pair of disjoint countably infinite sets of atoms $\mathbb{A}_i^{<}$ and $\mathbb{A}_i^{>}$. Write

$$\mathbb{A}^{<} = \bigcup_{i \in \mathbb{N}} \mathbb{A}_i^{<}, \qquad \mathbb{A}^{>} = \bigcup_{i \in \mathbb{N}} \mathbb{A}_i^{>}, \qquad \mathbb{A}_i = \mathbb{A}_i^{<} \cup \mathbb{A}_i^{>}, \qquad\text{and}\qquad \mathbb{A} = \mathbb{A}^{<} \cup \mathbb{A}^{>}.$$

$a, b, c, \ldots$ will range over distinct atoms: we call this the permutative convention.

Definition 2.3. Given $a, b \in \mathbb{A}_i$ for some $i \in \mathbb{N}$ write $(a\ b)$ for the swapping bijection on atoms mapping $a$ to $b$, $b$ to $a$, and any other $c \in \mathbb{A} \setminus \{a, b\}$ to $c$.

If $\pi$ is a bijection on atoms define $\mathit{nontriv}(\pi) = \{a \mid \pi(a) \neq a\}$.

Write $P_{\mathit{fin}}$ for the group of bijections (finitely) generated by swappings, and call these bijections permutations.

Write $\pi \circ \pi'$ for the composition of $\pi$ and $\pi'$ (so $(\pi \circ \pi')(a) = \pi(\pi'(a))$). Write $\mathit{id}$ for the identity permutation (so $\mathit{id}(a) = a$ always).

Lemma 2.4. A bijection $\pi$ on atoms is a permutation if and only if

• $a \in \mathbb{A}_i$ if and only if $\pi(a) \in \mathbb{A}_i$.

• $\mathit{nontriv}(\pi) = \{a \mid \pi(a) \neq a\}$ is finite.

Definition 2.5. If $A \subseteq \mathbb{A}$ define the pointwise action by $\pi \cdot A = \{\pi(a) \mid a \in A\}$.

A permission set $S$ is a set of the form $\pi \cdot \mathbb{A}^{<}$. $S, T$ will range over permission sets.

The choices made in Definitions 2.3 and 2.5 make Theorems 6.8 and 7.15 work. These choices are possible within the framework of [Gab12].

2.2. Permissive-nominal sets 

Definition 2.6. A set with a permutation action $X$ is a pair $(|X|, \cdot)$ of a carrier set $|X|$ and a group action on the carrier set $(P_{\mathit{fin}} \times |X|) \to |X|$, written infix as $\pi \cdot x$.²

Say $A \subseteq \mathbb{A}$ supports $x \in |X|$ when for every (finite) permutation $\pi \in P_{\mathit{fin}}$, if $\pi(a) = a$ for all $a \in A$ then $\pi \cdot x = x$.

Definition 2.7. A permissive-nominal set is a set with a permutation action such that every element has a unique least supporting set $\mathit{supp}(x)$ such that $\mathit{supp}(x) \subseteq S$ for some permission set $S$. We call this the support of $x$.

$X, Y$ will range over permissive-nominal sets.

In fact, if $x \in |X|$ has some supporting set $A \subseteq S$, then it has a least one; see e.g. [DG10, Theorem 4.3].

Definition 2.8. If $\pi$ is a permutation and $A \subseteq \mathbb{A}$ write $\pi|_A$ for the restriction of $\pi$ to $A$. This is the partial function such that $\pi|_A(a) = \pi(a)$ when $a \in A$, and is undefined otherwise.

Lemma 2.9. Suppose $X$ is a nominal set. Suppose $x \in |X|$ and $A \subseteq \mathbb{A}$ supports $x$. Then $\pi|_A = \pi'|_A$ implies $\pi \cdot x = \pi' \cdot x$.

Proof. From the definition of support, considering $\pi^{-1} \circ \pi'$. □

Lemma 2.10. Suppose $X$ is a permissive-nominal set and $x \in |X|$. Then $\mathit{supp}(\pi \cdot x) = \pi \cdot \mathit{supp}(x)$.

Proof. By a routine calculation using the group action. □

We conclude with a useful condition for checking whether $a \in \mathit{supp}(x)$:

Corollary 2.11. Suppose $X$ is a permissive-nominal set and $x \in |X|$. Suppose $b \notin \mathit{supp}(x)$. Then $(b\ a) \cdot x = x$ if and only if $a \notin \mathit{supp}(x)$.

Proof. Suppose $b \notin \mathit{supp}(x)$. The right-to-left implication is by the definition of support. For the left-to-right implication, we prove the contrapositive. Suppose $a \in \mathit{supp}(x)$. By Lemma 2.10 $\mathit{supp}((b\ a) \cdot x) = (b\ a) \cdot \mathit{supp}(x)$. By our suppositions, $(b\ a) \cdot \mathit{supp}(x) \neq \mathit{supp}(x)$. It follows that $(b\ a) \cdot x \neq x$. □

² So, $\mathit{id} \cdot x = x$ and $\pi \cdot (\pi' \cdot x) = (\pi \circ \pi') \cdot x$ for every $\pi$ and $\pi'$ and every $x \in |X|$.
2.3. Examples

We briefly consider examples of permissive-nominal sets, which will be useful shortly.

Definition 2.12. $\mathbb{A}$, the set of atoms, can be considered a permissive-nominal set with a natural permutation action $\pi \cdot a = \pi(a)$.

In the case of $\mathbb{A}$ only, we will be lax about the distinction between the set, and the permissive-nominal set with its natural permutation action.

Definition 2.13. Suppose $X$ is a permissive-nominal set and $\mathbb{A}_\nu$ is a set of atoms. Suppose $x \in |X|$ and $a \in \mathbb{A}_\nu$. Define atoms-abstraction $[a]x$ and $[\mathbb{A}_\nu]X$ by:

$$\begin{aligned}
[a]x &= \{(a, x)\} \cup \{(b, (b\ a) \cdot x) \mid b \in \mathbb{A}_\nu \setminus \mathit{supp}(x)\} \\
|[\mathbb{A}_\nu]X| &= \{[a]x \mid a \in \mathbb{A}_\nu,\ x \in |X|\} \\
\pi \cdot [a]x &= [\pi(a)]\pi \cdot x
\end{aligned}$$

(Compare Definition 2.13 with Definition 4.3.)

Remark 2.14. In the definition of $[a]x$ in Definition 2.13 recall that by our permutative convention $b \neq a$. An equivalent and more compact way of writing this is $[a]x = \{(\pi(a), \pi \cdot x) \mid \pi \in \mathit{fix}(\mathit{supp}(x) \setminus \{a\})\}$ where $\mathit{fix}(A) = \{\pi \mid \forall a \in A.\ \pi(a) = a\}$.

Lemma 2.15.

1. $[\mathbb{A}_\nu]X$ is a permissive-nominal set.

2. $[a]x = [a]x'$ if and only if $x = x'$, for $a \in \mathbb{A}_\nu$ and $x \in |X|$.

3. $[a]x = [a']x'$ if and only if $a' \notin \mathit{supp}(x)$ and $(a'\ a) \cdot x = x'$, for $a, a' \in \mathbb{A}_\nu$ and $x, x' \in |X|$.

Definition 2.16. If $X_i$ are permissive-nominal sets for $1 \leq i \leq n$ then define $X_1 \times \ldots \times X_n$ by:

$$\begin{aligned}
|X_1 \times \ldots \times X_n| &= |X_1| \times \ldots \times |X_n| \\
\pi \cdot (x_1, \ldots, x_n) &= (\pi \cdot x_1, \ldots, \pi \cdot x_n)
\end{aligned}$$

Lemma 2.17.

• $\mathit{supp}(a) = \{a\}$.

• $\mathit{supp}([a]x) = \mathit{supp}(x) \setminus \{a\}$.

• $\mathit{supp}((x_1, \ldots, x_n)) = \bigcup \{\mathit{supp}(x_i) \mid 1 \leq i \leq n\}$.

Proof. Proofs are as in [GP01] or [Gab11a]. □

3. Permissive-nominal terms syntax and its interpretation 

3.1. Signatures 

Definition 3.1. A sort-signature is a tuple $(\mathcal{A}, \mathcal{B})$ of name and base sorts $\mathcal{A} \subseteq \mathbb{N}$ and $\mathcal{B}$. $\nu$ will range over name sorts; $\tau$ will range over base sorts.

A sort language is defined by

$$\alpha ::= \nu \mid \tau \mid (\alpha, \ldots, \alpha) \mid [\nu]\alpha.$$

Definition 3.2. A term-signature over a sort-signature $(\mathcal{A}, \mathcal{B})$ is a tuple $(\mathcal{C}, \mathcal{X}, \mathcal{F}, \mathit{ar}, \mathit{pmss})$ where:

• $\mathcal{C}$ is a set of constants.

• $\mathcal{X}$ is a set of unknowns.

• $\mathcal{F}$ is a set of term-formers.

• $\mathit{ar}$ assigns

  - to each constant $C \in \mathcal{C}$ a base sort $\tau$ which we may write $\mathit{sort}(C)$,

  - to each unknown $X \in \mathcal{X}$ a sort $\alpha$ which we may write $\mathit{sort}(X)$, and

  - to each $f \in \mathcal{F}$ a term-former arity $(\alpha)\tau$, where $\alpha$ and $\tau$ are in the sort-language determined by $(\mathcal{A}, \mathcal{B})$.

• $\mathit{pmss}$ assigns to each constant a set $\mathit{pmss}(C) \subseteq \mathbb{A}^{<}$.

A (nominal terms) signature $\Sigma$ is then a tuple $(\mathcal{A}, \mathcal{B}, \mathcal{C}, \mathcal{X}, \mathcal{F}, \mathit{ar}, \mathit{pmss})$.

We may write $((\alpha_1, \ldots, \alpha_n))\tau$ just as $(\alpha_1, \ldots, \alpha_n)\tau$.

3.2. Terms 

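Definition 3.3. For each signature $\Sigma = (\mathcal{A}, \mathcal{B}, \mathcal{C}, \mathcal{X}, \mathcal{F}, \mathit{ar}, \mathit{pmss})$, define terms over $\Sigma$ by:

$$\frac{}{a : \nu}\ (a \in \mathbb{A}_\nu,\ \nu \in \mathcal{A}) \qquad \frac{}{\pi \cdot C : \tau}\ (\mathit{sort}(C) = \tau) \qquad \frac{}{\pi \cdot X : \alpha}\ (\mathit{sort}(X) = \alpha)$$

$$\frac{r : \alpha}{f(r) : \tau}\ (\mathit{ar}(f) = (\alpha)\tau) \qquad \frac{r_1 : \alpha_1 \quad \ldots \quad r_n : \alpha_n}{(r_1, \ldots, r_n) : (\alpha_1, \ldots, \alpha_n)} \qquad \frac{r : \alpha}{[a]r : [\nu]\alpha}\ (a \in \mathbb{A}_\nu,\ \nu \in \mathcal{A})$$

We may write $f((r_1, \ldots, r_n))$ as $f(r_1, \ldots, r_n)$.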




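Definition 3.4. Define free atoms and the permutation action, and free variables on terms $r$ as follows:

$$\begin{aligned}
\mathit{fa}(a) &= \{a\} & \mathit{fa}(f(r)) &= \mathit{fa}(r) \\
\mathit{fa}(\pi \cdot C) &= \pi \cdot \mathit{pmss}(C) & \mathit{fa}((r_1, \ldots, r_n)) &= \textstyle\bigcup_{1 \leq i \leq n} \mathit{fa}(r_i) \\
\mathit{fa}(\pi \cdot X) &= \pi \cdot \mathbb{A}^{<} & \mathit{fa}([a]r) &= \mathit{fa}(r) \setminus \{a\}
\end{aligned}$$

$$\begin{aligned}
\pi \cdot a &= \pi(a) & \pi \cdot f(r) &= f(\pi \cdot r) \\
\pi \cdot (\pi' \cdot C) &= (\pi \circ \pi') \cdot C & \pi \cdot (r_1, \ldots, r_n) &= (\pi \cdot r_1, \ldots, \pi \cdot r_n) \\
\pi \cdot (\pi' \cdot X) &= (\pi \circ \pi') \cdot X & \pi \cdot [a]r &= [\pi(a)]\pi \cdot r
\end{aligned}$$

$$\begin{aligned}
\mathit{fv}(a) &= \emptyset & \mathit{fv}(f(r)) &= \mathit{fv}(r) \\
\mathit{fv}(\pi \cdot C) &= \emptyset & \mathit{fv}((r_1, \ldots, r_n)) &= \textstyle\bigcup_{1 \leq i \leq n} \mathit{fv}(r_i) \\
\mathit{fv}(\pi \cdot X) &= \{X\} & \mathit{fv}([a]r) &= \mathit{fv}(r)
\end{aligned}$$

Remark 3.5. In Definition 3.4 we in effect give every unknown permission set $\mathbb{A}^{<}$ (so that $\mathit{fa}(\pi \cdot X) = \pi \cdot \mathbb{A}^{<}$). We obtain the effect of an unknown with permission set $\pi \cdot \mathbb{A}^{<}$ just by writing $\pi \cdot X$. This simplified design makes Proposition 5.6 easier to express. It corresponds roughly to [Gab12, Example 3.1.7(2)].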
Lemma 3.6. $\mathit{fa}(\pi \cdot r) = \pi \cdot \mathit{fa}(r)$.

Lemma 3.7. If $\pi(a) = \pi'(a)$ for all $a \in \mathit{fa}(r)$ then $\pi \cdot r = \pi' \cdot r$.

3.3. $\alpha$-equivalence

Definition 3.8. A congruence is an equivalence relation $R$ such that if $r\ R\ s$ then $f(r)\ R\ f(s)$ and $(t_1, \ldots, r, \ldots, t_n)\ R\ (t_1, \ldots, s, \ldots, t_n)$ and $[a]r\ R\ [a]s$.

$\alpha$-equivalence is then the least congruence such that if $a, b \notin \mathit{fa}(r)$ then $(b\ a) \cdot r =_\alpha r$.³

We do not quotient terms by $\alpha$-equivalence. The syntax $[a]r$ is a formal pair of $a$ and $r$. So for example, $[a]X$ and $[b](b\ a) \cdot X$ for $b \notin \mathbb{A}^{<}$ are different concrete terms.

In fact, we never use $\alpha$-equivalence $=_\alpha$ directly in this paper (it would be needed if we proved soundness and completeness, but these proofs are in other papers and are not included here). However $=_\alpha$ lurks in the background, hard-wired into the denotation: it can be proved that if $r =_\alpha s$ then $r$ and $s$ will always denote the same element in Definition 3.13.

3.4. Interpretation of signatures and terms 

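Definition 3.9. Suppose $X$ and $Y$ are permissive-nominal sets and $F \in |X| \to |Y|$ is a function. Call $F$ equivariant when $F(\pi \cdot x) = \pi \cdot F(x)$ for all permutations $\pi \in P_{\mathit{fin}}$ and $x \in |X|$.

Definition 3.10. Suppose $(\mathcal{A}, \mathcal{B})$ is a sort-signature (Definition 3.1).

An interpretation $\mathcal{H}$ for $(\mathcal{A}, \mathcal{B})$ consists of an assignment of a permissive-nominal set $[\![\alpha]\!]^{\mathcal{H}}$ to each sort $\alpha$ in $(\mathcal{A}, \mathcal{B})$, along with equivariant maps

• for each $\nu \in \mathcal{A}$ an equivariant and injective map $\mathbb{A}_\nu \to [\![\nu]\!]^{\mathcal{H}}$ which we write $a^{\mathcal{H}}$,

• for each $\nu \in \mathcal{A}$ and $\alpha$ an equivariant and injective map $[\mathbb{A}_\nu][\![\alpha]\!]^{\mathcal{H}} \to [\![[\nu]\alpha]\!]^{\mathcal{H}}$ which we write $[a]^{\mathcal{H}}x$, and

• for each $\alpha_i$ for $1 \leq i \leq n$ an equivariant and injective map $\prod_i [\![\alpha_i]\!]^{\mathcal{H}} \to [\![(\alpha_1, \ldots, \alpha_n)]\!]^{\mathcal{H}}$ which we write $(x_1, \ldots, x_n)^{\mathcal{H}}$.

Definition 3.11. Suppose $\Sigma = (\mathcal{A}, \mathcal{B}, \mathcal{C}, \mathcal{F}, \mathit{ar}, \mathit{pmss})$ is a signature (Definition 3.2).

A ($\Sigma$-)interpretation $\mathcal{H}$ for $\Sigma$, or $\Sigma$-algebra, consists of the following data:

• An interpretation for the sort-signature $(\mathcal{A}, \mathcal{B})$ (Definition 3.10).

• For every $f \in \mathcal{F}$ with $\mathit{ar}(f) = (\alpha)\tau$ an equivariant function $f^{\mathcal{H}}$ from $[\![\alpha]\!]^{\mathcal{H}}$ to $[\![\tau]\!]^{\mathcal{H}}$.

• An assignment of a $C^{\mathcal{H}} \in [\![\mathit{sort}(C)]\!]^{\mathcal{H}}$ to $C \in \mathcal{C}$, such that $\mathit{supp}(C^{\mathcal{H}}) \subseteq \mathit{pmss}(C)$.

Definition 3.12. Suppose $\mathcal{H}$ is a $\Sigma$-algebra. A valuation $\varsigma$ to $\mathcal{H}$ is an equivariant function on unknowns $\mathcal{X}$ such that for each unknown $X$, $\varsigma(X) \in [\![\mathit{sort}(X)]\!]^{\mathcal{H}}$.

$\varsigma$ will range over valuations.

³ This characterisation, which follows [GM07], captures in slightly abstract form three more syntax-directed rules: if $b \notin \mathit{fa}(r)$ then $[b](b\ a) \cdot r =_\alpha [a]r$, and if $\pi|_{\mathbb{A}^{<}} = \pi'|_{\mathbb{A}^{<}}$ then $\pi \cdot X =_\alpha \pi' \cdot X$, and if $\pi|_{\mathit{pmss}(C)} = \pi'|_{\mathit{pmss}(C)}$ then $\pi \cdot C =_\alpha \pi' \cdot C$.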
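Definition 3.13. Suppose $\mathcal{H}$ is a $\Sigma$-algebra. Suppose $\varsigma$ is a valuation to $\mathcal{H}$.

Extend $\mathcal{H}$ to an interpretation on terms $[\![r]\!]^{\mathcal{H}}_{\varsigma}$ (where of course $r$ is a term in the signature $\Sigma$) by:

$$\begin{aligned}
[\![a]\!]^{\mathcal{H}}_{\varsigma} &= a^{\mathcal{H}} & [\![f(r)]\!]^{\mathcal{H}}_{\varsigma} &= f^{\mathcal{H}}([\![r]\!]^{\mathcal{H}}_{\varsigma}) \\
[\![\pi \cdot X]\!]^{\mathcal{H}}_{\varsigma} &= \pi \cdot \varsigma(X) & [\![[a]r]\!]^{\mathcal{H}}_{\varsigma} &= [a]^{\mathcal{H}}[\![r]\!]^{\mathcal{H}}_{\varsigma}
\end{aligned}$$

Lemmas 3.14 to 3.17 are proved by routine inductions:

Lemma 3.14. If $r : \alpha$ then $[\![r]\!]^{\mathcal{H}}_{\varsigma} \in [\![\alpha]\!]^{\mathcal{H}}$.

Lemma 3.15. If $\varsigma(X) = \varsigma'(X)$ for every $X \in \mathit{fv}(r)$ then $[\![r]\!]^{\mathcal{H}}_{\varsigma} = [\![r]\!]^{\mathcal{H}}_{\varsigma'}$.

Lemma 3.16. $\pi \cdot [\![r]\!]^{\mathcal{H}}_{\varsigma} = [\![\pi \cdot r]\!]^{\mathcal{H}}_{\varsigma}$.

Lemma 3.17. $\mathit{supp}([\![r]\!]^{\mathcal{H}}_{\varsigma}) \subseteq \mathit{fa}(r)$.

Looking ahead, later on in Section 6, we use interpretations to define a notion of validity with respect to a model or a collection of models, written $\mathcal{H} \models r = s$ and $T \models r = s$.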

4. Reducing support of an interpretation 

In this section we show how, given an interpretation $\mathcal{H}$, to build an interpretation $[m]\mathcal{H}$ with 'smaller' support.

$[m]\mathcal{H}$ will have 'almost the same structure' as $\mathcal{H}$. If two terms have a distinct denotation in $\mathcal{H}$ then their interpretation in $[m]\mathcal{H}$ is also distinct (Proposition 6.3, which is essentially Theorem 5.2 combined with Lemma 4.5).

As we shall see in Section 6, this result can be leveraged to proofs of completeness with respect to interpretations with finite support, assuming completeness with respect to all interpretations.

The idea of the construction is simple: in Definition 4.3 we take $\mathcal{H}$ and abstract all but finitely many atoms in its elements — in Definition 4.15 we show how to combine this with the interpretation of the term-formers of $\mathcal{H}$.

One way to think of this, is that we replace atoms by numerical indexes (where $a$ is identified with its position in the infinite list of abstractions which we impose). We can think of $[m]\mathcal{H}$ as an abstract 'de Bruijn indexes' version of $\mathcal{H}$, where we recall that de Bruijn indexes are a method of representing object-level variables as numerical indexes [dB72] typically applied concretely to formal syntax rather than to models. More on this in the Conclusions.

4.1. Abstraction by atoms and by infinite lists of distinct atoms: [a]x and [l]x 

Definition 4.1. Choose a fixed but arbitrary enumeration $a_{-1}, a_{-2}, a_{-3}, \ldots$ of some subset of $\mathbb{A}^{<}$ — since atoms are countable, this can be done. Write this enumeration as a list, $l_* = [a_{-1}, a_{-2}, a_{-3}, \ldots]$.⁴

Define a permissive-nominal set $L$ (parameterised by $l_*$) by:

$$\begin{aligned}
\pi \cdot l_* &= [\pi(a_{-1}), \pi(a_{-2}), \pi(a_{-3}), \ldots] \\
|L| &= \{\pi \cdot l_* \mid \text{all } \pi\}
\end{aligned}$$

$l$ will range over elements of $|L|$.

⁴ We use negative indexes because we wrote $\mathbb{A}^{<}$ with a $<$. Of course this does not matter, but it does allow the diagram in Section 8 to make geometric sense.

It is very easy to check that $L$ is indeed a permissive-nominal set, and that $\mathit{supp}(l)$ is equal to the atoms in $l$.

We will be most interested in the cases of Definition 4.1 when $l_*$ enumerates all of $\mathbb{A}^{<}$ (Section 6) and when $l_*$ enumerates 'half' of $\mathbb{A}^{<}$ (Section 7). However, nothing in the mathematics below will depend on this.

Definition 4.2. If $A \subseteq \mathbb{A}$ define $\mathit{fix}(A)$ by:

$$\mathit{fix}(A) = \{\pi \mid \forall a \in A.\ \pi(a) = a\}$$

Definition 4.3. Suppose $X$ is a permissive-nominal set and $x \in |X|$. Suppose $l \in |L|$. Define $[l]x$ and $[L]X$ as follows:

$$\begin{aligned}
[l]x &= \{(\pi \cdot l, \pi \cdot x) \mid \pi \in \mathit{fix}(\mathit{supp}(x) \setminus \mathit{supp}(l))\} \\
|[L]X| &= \{[l]x \mid x \in |X|,\ l \in |L|\} \\
\pi \cdot [l]x &= [\pi \cdot l]\pi \cdot x
\end{aligned}$$

Remark 4.4. $[l]x$ and $[L]X$ mirror $[a]x$ and $[\mathbb{A}_\nu]X$ from Definition 2.13, and have broadly similar properties. The idea of abstracting over infinitely many atoms was investigated in [Gab07] (see equation (2) in Subsection 2.1).

Lemma 4.5. Suppose $X$ is a permissive-nominal set and $x, y \in |X|$. Suppose $l \in |L|$. Then $[l]x = [l]y$ if and only if $x = y$.

Proof. Clearly if $x = y$ then $[l]x = [l]y$. Suppose $[l]x = [l]y$. By construction $(l, x) \in [l]x$, so also $(l, x) \in [l]y$. It follows that there exists $\pi$ such that $\pi \cdot l = l$ and $\pi \cdot y = x$, and $\pi \in \mathit{fix}(\mathit{supp}(y) \setminus \mathit{supp}(l))$. From $\pi \cdot l = l$ follows that $\pi \in \mathit{fix}(\mathit{supp}(l))$. It follows that $\pi \in \mathit{fix}(\mathit{supp}(y))$ and so by Lemma 2.9 that $\pi \cdot y = y$. □

Lemma 4.6. Suppose $X$ is a permissive-nominal set and $x \in |X|$. Suppose $l \in |L|$. Then $\mathit{supp}([l]x) = \mathit{supp}(x) \setminus \mathit{supp}(l)$.

Proof. By properties of the group action if $\pi \in \mathit{fix}(\mathit{supp}(x) \setminus \mathit{supp}(l))$ then $\pi \cdot [l]x = [\pi \cdot l]\pi \cdot x$.

Now suppose $a \in \mathit{supp}(x) \setminus \mathit{supp}(l)$ and choose any $b$ fresh (so $b \notin \mathit{supp}(x) \cup \mathit{supp}(l)$). It is easy to use Lemma 2.10 to verify that every $(l', x') \in [l]x$ satisfies $a \in \mathit{supp}(x')$ whereas every $(l', x') \in (b\ a) \cdot [l]x$ satisfies $a \notin \mathit{supp}(x')$. It follows that $(b\ a) \cdot [l]x \neq [l]x$ and so by Corollary 2.11 $a \in \mathit{supp}([l]x)$. □

Corollary 4.7. $[L]X$ from Definition 4.3 is a permissive-nominal set.

Proof. That it is a set with a permutation action is clear. That every element has a supporting permission set follows from Lemma 4.6. □

Lemma 4.8. Suppose $X$ is a permissive-nominal set. Suppose $x \in |[L]X|$ and $l \in |L|$ is such that $\mathit{supp}(x) \cap \mathit{supp}(l) = \emptyset$. Then there exists a unique element, write it $x@l \in |X|$, such that $x = [l](x@l)$.

Proof. By Lemma 4.5 $x@l$ is unique if it exists.

Suppose $\mathit{supp}(l) \cap \mathit{supp}(x) = \emptyset$. By construction (Definition 4.3) $x = [l']x'$ for some $l' \in L$ and $x' \in |X|$. By construction (Definition 4.1) $l' = \pi \cdot l$ for some $\pi$.⁵ It is also a fact that since $\mathit{supp}(l) \cap \mathit{supp}(x) = \emptyset$ and (by Lemma 4.6) $\mathit{supp}(l') \cap \mathit{supp}(x) = \emptyset$, we can suppose without loss of generality that $\mathit{nontriv}(\pi) \cap \mathit{supp}(x) = \emptyset$. It follows that $x = [l]\pi^{-1} \cdot x'$ and so $x@l$ exists and is equal to $\pi^{-1} \cdot x'$. □

Lemma 4.9. Suppose $y_1, \ldots, y_n \in |[L]X|$. Then for any $l$ such that $\mathit{supp}(l) \cap \bigcup_i \mathit{supp}(y_i) = \emptyset$, there exist $x_1, \ldots, x_n \in |X|$ such that $y_i = [l]x_i$ for $1 \leq i \leq n$.

Proof. We use Lemma 4.8 and take $x_i = y_i@l$. □

⁵ This is the crux of the proof: $L$ is composed of a single orbit under the permutation action.

4.2. Restricting permutations $\pi/S$

Intuitively $\pi/S$ (Definition 4.11) is the 'smallest' permutation to agree with $\pi$ on $S$. $\pi/S$ is 'trying' to be $\pi|_S$ (Definition 2.8) but $\pi/S$ is a total function and furthermore is a permutation. The main result is Theorem 4.14, and we use $\pi/S$ in Theorem 5.2.

As nominal techniques demonstrate, permutations are an attractive way to handle name-binding. Think of $\pi/S$ as a version of $\pi|_S$ that we can use if we want to stay in the world of permutations.

Example 4.10. Suppose $\pi = (a\ b\ c\ d\ e)(f\ g)$ (so it maps $a$ to $b$ to $c$ to $d$ to $e$ to $a$, and $f$ to $g$ to $f$). Then:

$$\begin{aligned}
\pi/\{a\} &= (a\ b\ e) & \pi/\{a, b\} &= (a\ b\ c\ e) \\
\pi/\{a, c\} &= (a\ b\ c\ d\ e) & \pi/\{a, f\} &= (a\ b\ e)(f\ g)
\end{aligned}$$

Suppose $\pi = (a\ b\ c\ d\ e\ f)$. Then

$$\begin{aligned}
\pi/\{b, e\} &= (a\ b\ c)(d\ e\ f) & \pi/\{b\} &= (a\ b\ c) \\
\pi/\{b, e, d\} &= (a\ b\ c\ d\ e\ f) & \pi/\{a, d\} &= (a\ b\ f)(c\ d\ e)
\end{aligned}$$

Recall the definitions of $\mathit{nontriv}(\pi)$ and $\pi$ from Definition 2.3.

Definition 4.11. Represent permutations $\pi$ as cycles; so we write $\pi$ as a finite set of finite cycles indexed by $i \in I$ where cycle number $i$ has length $\alpha_i > 1$:

$$\pi = \prod_{i \in I} (a_{i1}\ a_{i2}\ \ldots\ a_{i\alpha_i})$$

Define $\pi/S$ as that permutation obtained as follows:

Delete from the cycle representation of $\pi$ above any atom $a$ such that $\{a, \pi(a), \pi^{-1}(a)\} \cap S = \emptyset$. That is, if there is any part of a cycle of the form '$a_1\ a_2\ a_3$' where $a_1 \notin S$, $a_2 \notin S$, and $a_3 \notin S$, then we replace it with '$a_1\ a_3$'. Repeat, until we cannot proceed.

If there is any part of a cycle of the form '$a_1\ a_2\ a_3\ a_4$' where $a_1 \in S$ and $a_4 \in S$ but $a_2 \notin S$ and $a_3 \notin S$, break the cycle into two subcycles as follows: '$a_1\ a_2)(a_3\ a_4$'.

In words:

$\pi/S$ is obtained from $\pi$ by eliding sequences of three or more consecutive atoms not in $S$, and then by splitting cycles at any two consecutive atoms not in $S$.

Lemma 4.12. $\pi/S$ is well-defined.

Proof. At each step the size of $\mathit{nontriv}$ reduces, so the rewrite system is terminating. It is not hard to check that rewrites are locally confluent. The result follows by Newman's Lemma [New42]. □
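The construction of Definition 4.11, as an added Python example (not code from the paper). It assumes one reading of the two rewrite steps: keep exactly the atoms that lie in S or next to an atom of S, cut between consecutive kept atoms outside S, and close each resulting segment into a cycle. The names `parse`, `canonical`, `restrict` and `agrees_on` are this example's own, and the reading is checked against every value listed in Example 4.10.

```python
"""pi/S (Definition 4.11) for permutations written as disjoint cycles.

Added illustration; the function names are this example's own.
"""
import re


def parse(text):
    """'(a b c)(f g)' -> [['a', 'b', 'c'], ['f', 'g']]."""
    return [body.split() for body in re.findall(r"\(([^)]*)\)", text)]


def canonical(cycles):
    """Drop trivial cycles, rotate each to start at its least atom, sort."""
    out = []
    for cyc in cycles:
        cyc = list(cyc)
        if len(cyc) > 1:
            k = cyc.index(min(cyc))
            out.append(tuple(cyc[k:] + cyc[:k]))
    return tuple(sorted(out))


def to_map(cycles):
    """Cycle list -> dict a -> pi(a), defined on nontriv(pi) only."""
    return {c[i]: c[(i + 1) % len(c)] for c in cycles for i in range(len(c))}


def restrict(cycles, S):
    """Return pi/S in canonical cycle form."""
    S = set(S)
    result = []
    for cyc in cycles:
        n = len(cyc)
        # Deletion step: an atom survives iff it, its image or its preimage
        # is in S. Deleting the other atoms one at a time, as the definition
        # does, never brings a deleted candidate next to an atom of S, so
        # the surviving set can be computed in one pass.
        kept = [cyc[i] for i in range(n)
                if cyc[i] in S or cyc[(i + 1) % n] in S or cyc[i - 1] in S]
        m = len(kept)
        if m == 0:
            continue  # the cycle misses S entirely and disappears
        # Splitting step: cut between two consecutive atoms outside S.
        cuts = [i for i in range(m)
                if kept[i] not in S and kept[(i + 1) % m] not in S]
        if not cuts:
            result.append(kept)
            continue
        # Rotate so the list starts just after a cut, then slice at each cut.
        # With a single cut the one segment closes up to the same cycle.
        start = (cuts[-1] + 1) % m
        rotated = kept[start:] + kept[:start]
        lo = 0
        for hi in sorted((i - start) % m for i in cuts):
            result.append(rotated[lo:hi + 1])
            lo = hi + 1
    return canonical(result)


def agrees_on(cycles, S):
    """Check that pi/S and pi agree on S, and that their inverses do too."""
    pi, r = to_map(cycles), to_map(restrict(cycles, S))
    pi_inv = {v: k for k, v in pi.items()}
    r_inv = {v: k for k, v in r.items()}
    return all(r.get(a, a) == pi.get(a, a)
               and r_inv.get(a, a) == pi_inv.get(a, a) for a in S)


# The eight values listed in Example 4.10: (pi, atoms of S, pi/S).
EXAMPLE_4_10 = [
    ("(a b c d e)(f g)", "a", "(a b e)"),
    ("(a b c d e)(f g)", "a b", "(a b c e)"),
    ("(a b c d e)(f g)", "a c", "(a b c d e)"),
    ("(a b c d e)(f g)", "a f", "(a b e)(f g)"),
    ("(a b c d e f)", "b e", "(a b c)(d e f)"),
    ("(a b c d e f)", "b", "(a b c)"),
    ("(a b c d e f)", "b e d", "(a b c d e f)"),
    ("(a b c d e f)", "a d", "(a b f)(c d e)"),
]


def check_example():
    """True iff restrict() reproduces Example 4.10 and agrees with pi on S."""
    return all(
        restrict(parse(p), s.split()) == canonical(parse(expected))
        and agrees_on(parse(p), s.split())
        for p, s, expected in EXAMPLE_4_10
    )


if __name__ == "__main__":
    for p, s, _ in EXAMPLE_4_10:
        print(p, "/ {" + s + "} =", restrict(parse(p), s.split()))
```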

Definition 4.13. Define $\pi' \leq_S \pi$ when:

• $\pi'|_S = \pi|_S$

• $(\pi')^{-1}|_S = \pi^{-1}|_S$

• For every cycle with atoms $C'$ in $\pi'$, there is a cycle with atoms $C$ in $\pi$ such that $C' \subseteq C$.

It is easy to verify that $\leq_S$ is a transitive reflexive relation. $\leq_S$ is not antisymmetric: if $\pi = (a\ b\ c)$ and $\pi' = (a\ c\ b)$ and $S = \emptyset$ then $\pi \leq_S \pi'$ and $\pi' \leq_S \pi$ yet $\pi \neq \pi'$.

Theorem 4.14.

1. $\pi/S$ is the unique $\leq_S$-least permutation beneath $\pi$.

2. As a corollary, $(\pi/S)|_S = \pi|_S$ and if $\pi|_S = \pi'|_S$ and $\pi^{-1}|_S = (\pi')^{-1}|_S$ then $\pi/S = \pi'/S$.

Proof. By construction $\pi/S$ contains only those atoms, in the smallest possible cycles, necessary to agree with $\pi$ and $\pi^{-1}$ on $S$. □

4.3. Making support smaller 

Given an interpretation $\mathcal{H}$ and a list of atoms $m$, we are interested in 'subtracting' $m$ from the support of $\mathcal{H}$, in some sense. The main definition is Definition 4.15, which builds an interpretation with smaller support out of an interpretation. For the cases we care about, 'smaller support' will mean finite support; this will come later in Lemmas 6.4 and 7.10, which are then used in Theorems 6.8 and 7.15 respectively. Here, we give the relevant construction.

Definition 4.15. Given a signature $\Sigma$, a $\Sigma$-interpretation $\mathcal{H}$, and a list $m \in |L|$ construct a $\Sigma$-interpretation $[m]\mathcal{H}$ as follows:







= {[l}x 1 1 e |L|, x e 


[an 








= \t[{a*) (supp(l) J 


a) ^{[l]x) = 








= [i](xi,. . .,x n y^ 


[af**(\([x) = 


[l]([arx) 






= [m]C* 







Remark 4.16. A couple of comments on Definition 4.15:

The index $m$ of $[m]\mathcal{H}$ is only used to interpret constants $C$. We have to choose some list of atoms to abstract — if our language did not admit non-equivariant constants, as was the case for the original Urban-Pitts-Gabbay syntax from [UPG04] or its permissive variant from e.g. [DGM10], then we could just write $[L]\mathcal{H}$.

In the case of tuples, we know we can write every element in the form $[l]x_i$ for $1 \leq i \leq n$ for some $x_i$, by Lemma 4.9.
Proposition 4.17. $[m]\mathcal{H}$ from Definition 4.15 is an interpretation.

Proof. It is routine to check that every condition in Definitions 3.10 and 3.11 is satisfied. □

The next step is to build valuations to $[m]\mathcal{H}$. This is Definition 4.18 and Proposition 4.19.

Definition 4.18. Suppose $\varsigma$ is a valuation to $\mathcal{H}$ and $l \in |L|$. Define by:

Proposition 4.19. If $\varsigma$ is a valuation to $\mathcal{H}$ then $[l]\varsigma$ is a valuation to $[m]\mathcal{H}$.

Proof. Consider an unknown $X$. By assumption $\varsigma(X) \in [\![\mathit{sort}(X)]\!]^{\mathcal{H}}$ and $\mathit{supp}(\varsigma(X)) \subseteq \mathbb{A}^{<}$. By construction in Definitions 2.5 and 4.3, $\mathbb{A}^{<} \setminus \mathit{supp}(l)$ is finite so by Lemma 4.6, $\mathit{supp}([l]\varsigma(X))$ is finite. The result follows. □

5. Three commutation results 

Theorem 5.2, Lemma 5.4, and Proposition 5.6 are three commutation results. In Sections 6 and 7 we will use these as the technical 'engine' behind main theorems such as Theorems 6.8 and 7.15.

5.1. Atoms of a term

First, we need a technical tool $\mathit{atoms}(r)$. We need this to express the side-condition $\mathit{atoms}(r) \cap \mathit{supp}(l) = \emptyset$ in Theorem 5.2, and the side-condition $\mathit{atoms}(r) \cap \mathit{nontriv}(\pi) = \emptyset$ in Proposition 5.6. Without these side-conditions, the results would not hold.

Definition 5.1. Define $\mathit{atoms}(r)$ inductively by:

$$\begin{aligned}
\mathit{atoms}(a) &= \{a\} & \mathit{atoms}(f(r)) &= \mathit{atoms}(r) \\
\mathit{atoms}(\pi \cdot C) &= \mathit{nontriv}(\pi/\mathit{pmss}(C)) & \mathit{atoms}((r_1, \ldots, r_n)) &= \textstyle\bigcup \mathit{atoms}(r_i) \\
\mathit{atoms}(\pi \cdot X) &= \mathit{nontriv}(\pi/\mathbb{A}^{<}) & \mathit{atoms}([a]r) &= \mathit{atoms}(r) \cup \{a\}
\end{aligned}$$

$\mathit{atoms}(r)$ collects the atoms 'explicit' in $r$. Contrast this with 'free atoms of' $\mathit{fa}(r)$ from Definition 3.4 which collects the atoms 'potentially' in $r$. For instance, $\mathit{fa}(X) = \mathbb{A}^{<}$ and is infinite, but $\mathit{atoms}(X) = \emptyset$. This is because $X$ mentions no atoms explicitly, but intuitively it could be instantiated for any term with atoms in $\mathbb{A}^{<}$.



5.2. First commutation result 

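Recall from Definition 4.1 the construction of $L$, parameterised over some $l_*$.

Theorem 5.2. Suppose $l \in |L|$ and $\mathit{atoms}(r) \cap \mathit{supp}(l) = \emptyset$. Then $[\![r]\!]^{[m]\mathcal{H}}_{[l]\varsigma} = [l][\![r]\!]^{\mathcal{H}}_{\varsigma}$.

Proof. By induction on $r$:

• The case $a$. We reason as follows:

$$\begin{aligned}
[\![a]\!]^{[m]\mathcal{H}}_{[l]\varsigma} &= [l]a^{\mathcal{H}} && \text{Defs 3.13, 4.15, } a \notin \mathit{supp}(l) \\
&= [l][\![a]\!]^{\mathcal{H}}_{\varsigma} && \text{Definition 3.13}
\end{aligned}$$

We know $a \notin \mathit{supp}(l)$ because we assumed $\mathit{atoms}(r) \cap \mathit{supp}(l) = \emptyset$, and $\mathit{atoms}(a) = \{a\}$.

• The case $\pi \cdot X$. We reason as follows:

$$\begin{aligned}
[\![\pi \cdot X]\!]^{[m]\mathcal{H}}_{[l]\varsigma} &= \pi \cdot [l]\varsigma(X) && \text{Definition 3.13} \\
&= (\pi/\mathbb{A}^{<}) \cdot [l]\varsigma(X) && \text{Lems 2.9 \& 4.6, Thm 4.14} \\
&= [l](\pi/\mathbb{A}^{<}) \cdot \varsigma(X) && \text{Fact} \\
&= [l]\pi \cdot \varsigma(X) && \text{Lems 2.9 \& 4.6, Thm 4.14} \\
&= [l][\![\pi \cdot X]\!]^{\mathcal{H}}_{\varsigma} && \text{Definition 3.13}
\end{aligned}$$

The fact above follows since we assumed $\mathit{atoms}(\pi \cdot X) \cap \mathit{supp}(l) = \emptyset$.

• The case $[a]r$, where $a \notin \mathit{supp}(l)$. We reason as follows:

$$\begin{aligned}
[\![[a]r]\!]^{[m]\mathcal{H}}_{[l]\varsigma} &= [a]^{[m]\mathcal{H}}[\![r]\!]^{[m]\mathcal{H}}_{[l]\varsigma} && \text{Definition 3.13} \\
&= [a]^{[m]\mathcal{H}}[l][\![r]\!]^{\mathcal{H}}_{\varsigma} && \text{ind. hyp.} \\
&= [l]([a]^{\mathcal{H}}[\![r]\!]^{\mathcal{H}}_{\varsigma}) && \text{Definition 4.15} \\
&= [l][\![[a]r]\!]^{\mathcal{H}}_{\varsigma} && \text{Definition 3.13}
\end{aligned}$$

• The case $\pi \cdot C$. We reason as follows:

$$\begin{aligned}
[\![\pi \cdot C]\!]^{[m]\mathcal{H}}_{[l]\varsigma} &= \pi \cdot [l]C^{\mathcal{H}} && \text{Defs 3.13 \& 4.15} \\
&= (\pi/\mathit{pmss}(C)) \cdot [l]C^{\mathcal{H}} && \text{Lems 2.9 \& 4.6, Thm 4.14} \\
&= [l](\pi/\mathit{pmss}(C)) \cdot C^{\mathcal{H}} && \text{Fact} \\
&= [l]\pi \cdot C^{\mathcal{H}} && \text{Lems 2.9 \& 4.6, Thm 4.14} \\
&= [l][\![\pi \cdot C]\!]^{\mathcal{H}}_{\varsigma} && \text{Definition 3.13}
\end{aligned}$$

The fact above follows since we assumed $\mathit{atoms}(\pi \cdot C) \cap \mathit{supp}(l) = \emptyset$.

• The case $(r_1, \ldots, r_n)$. We reason as follows:

$$\begin{aligned}
[\![(r_1, \ldots, r_n)]\!]^{[m]\mathcal{H}}_{[l]\varsigma} &= ([\![r_1]\!]^{[m]\mathcal{H}}_{[l]\varsigma}, \ldots, [\![r_n]\!]^{[m]\mathcal{H}}_{[l]\varsigma})^{[m]\mathcal{H}} && \text{Definition 3.13} \\
&= ([l][\![r_1]\!]^{\mathcal{H}}_{\varsigma}, \ldots, [l][\![r_n]\!]^{\mathcal{H}}_{\varsigma})^{[m]\mathcal{H}} && \text{ind. hyp.} \\
&= [l]([\![r_1]\!]^{\mathcal{H}}_{\varsigma}, \ldots, [\![r_n]\!]^{\mathcal{H}}_{\varsigma})^{\mathcal{H}} && \text{Definition 4.15} \\
&= [l][\![(r_1, \ldots, r_n)]\!]^{\mathcal{H}}_{\varsigma} && \text{Definition 3.13}
\end{aligned}$$

• The case $f(r)$ ... is routine. □
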
5.3. Second commutation result 

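Definition 5.3. Given an interpretation $\mathcal{H}$, a valuation $\varsigma$ to $\mathcal{H}$, and some $X$ and $x \in [\![\mathit{sort}(X)]\!]^{\mathcal{H}}$ with $\mathit{supp}(x) \subseteq \mathbb{A}^{<}$, define $\varsigma[X := x]$ by:

$$\varsigma[X := x](X) = x \qquad \varsigma[X := x](Y) = \varsigma(Y)$$

Lemma 5.4. Suppose $X$, $\varsigma$, and $x$ are as in Definition 5.3. Suppose $l \in |L|$. Then

$$([l]\varsigma)[X := [l]x] = [l](\varsigma[X := x]).$$

Proof. By routine calculations. □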
5.4. Third commutation result

Definition 5.5. Suppose $\varsigma$ is a valuation. Suppose $\pi$ is a permutation such that $\mathit{nontriv}(\pi) \subseteq \mathbb{A}^{<}$.

Define $\pi \circ \varsigma$ by

Proposition 5.6. Suppose $\mathit{nontriv}(\pi) \subseteq \mathbb{A}^{<}$ and $\mathit{atoms}(r) \cap \mathit{nontriv}(\pi) = \emptyset$. Then [rj^. =

Proof. By a routine induction on $r$ similar to that in Theorem 5.2:

• The case $a$. By assumption $a \notin \mathit{nontriv}(\pi)$.

• The case $\pi' \cdot X$. By assumption $\mathit{nontriv}(\pi) \cap \mathit{nontriv}(\pi'/\mathbb{A}^{<}) = \emptyset$. Since $\mathit{nontriv}(\pi) \subseteq \mathbb{A}^{<}$ it is a fact that $\mathit{nontriv}(\pi) \cap \mathit{nontriv}(\pi') = \emptyset$. The result follows.

• The case $[a]r$, where $a \notin \mathit{supp}(l)$. By assumption $a \notin \mathit{nontriv}(\pi)$.

• The case $\pi' \cdot C$. As for $\pi' \cdot X$.

• The cases $(r_1, \ldots, r_n)$ and $f(r)$ ... are routine. □

6. Nominal algebra completeness relative to interpretations with finite support 

We now have everything we need to set up two notions of validity 1= and \=p, (Defi- 
nition 6.7) and prove our main result, that they are equal (Theorem 6.8). 

Definition 6.1. Suppose r and s are terms in E, which is the signature of an interpreta- 
tion Jf. 



• Write Jf, ^Nr = s when [rflf = [s]f . 

• Write Nr = s when J^ 5 , c 1= r = s for every valuation c to ffl '. 



Notation 6.2. For the rest of this section, we will take I* from Definition 4.1 to enumerate 
all of A< . We write the L so generated by Definition 4.1 as L< . 
Recall the construction of [m] Jf from Definition 4.15. 

Proposition 6.3. Suppose r and s are terms in E, which is the signature of an interpretation 
Jif. Suppose me |L< |. Then: 

1. If JT \fr = s then [m]jT r = s. 

2. If J? \=r = s then [m]Jt? \= r = s. 

Proof For the first part, suppose Jf \f r = s. So there exists a valuation <r to ^ such 
that [rjf 7^ [s]f . Choose some / such that supp(l) n (atoms (r) U atoms(s)) = 0. We can 
do this, because atoms(r) and atoms(s) are finite. By Theorem 5.2 [rjj"^'* = and 

W{qf = WWf- By Lemma 4.5 [Z][r]f ^ [Z][ S ]f. It follows that [r]^ + [ S ] [ ™f . ' 

For the second part, suppose that ,¥f N r — s and suppose is a valuation to [m]J^. 
Choose some I e |L< | such that 

supp(l) n (atoms(r) U atoms(s) ll[J{supp(<;'(X)) | X e/y(r) U/i;(s)}J = 0. 



We can do this since all the sets on the right-hand side of H are finite. 

Using Lemmas 4.9 and 3.15 there exists a valuation ? to such that [rjJ_"' lJf = 
and [s]^ = [s]|"]''^. We now reason using Theorem 5.2 and Lemma 4.5, as in the first 
part. □ 

The model $[m]\mathcal{H}$ is composed of ordinary — i.e. finitely-supported — nominal sets, in the sense of [GP01]:

Lemma 6.4. Every $[l]x \in [\![\alpha]\!]^{[m]\mathcal{H}}$ has finite support.

Proof. It suffices to observe Lemma 4.6 and note that by assumption $\mathit{supp}(x)$ is contained in a permission set, and by assumption in Notation 6.2 $\mathit{supp}(l)$ is a permission set, and by construction permission sets differ finitely from one another. □

Definition 6.5 is standard, e.g. from [GM09] (nominal) or [Gab12] (permissive-nominal):

Definition 6.5. A (permissive-)nominal algebra theory $T = (\Sigma, \mathit{Ax})$ is a pair of a signature $\Sigma$ and a set of equality axioms $\mathit{Ax}$. (So elements of $\mathit{Ax}$ are pairs $r = s$.)

Suppose $\mathcal{H}$ is a $\Sigma$-interpretation (Definition 3.11). Write $\mathcal{H} \vDash T$ to mean that for every valuation $\varsigma$ to $\mathcal{H}$ and every $(r = s) \in \mathit{Ax}$, $[\![r]\!]^{\mathcal{H}}_{\varsigma} = [\![s]\!]^{\mathcal{H}}_{\varsigma}$.



Definition 6.6. Suppose $\Sigma$ is a signature and $\mathcal{H}$ is a $\Sigma$-interpretation. Say that $\mathcal{H}$ has finite support when for every sort $\alpha$ in $\Sigma$ and every $x \in |[\![\alpha]\!]^{\mathcal{H}}|$, it is the case that $\mathit{supp}(x)$ is finite.



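Definition 6.7. Suppose $T = (\Sigma, \mathit{Ax})$ is a theory. Then:

• Define $T \vDash_{\mathit{fin}} r = s$ to mean that $\mathcal{H} \vDash T$ implies $\mathcal{H} \vDash r = s$, for every $\Sigma$-interpretation $\mathcal{H}$ with finite support.

• Define $T \vDash r = s$ to mean that $\mathcal{H} \vDash T$ implies $\mathcal{H} \vDash r = s$, for every $\Sigma$-interpretation $\mathcal{H}$.

Theorem 6.8. Suppose that $T$ is a $\Sigma$-theory.
Then $T \vDash_{\mathit{fin}} r = s$ if and only if $T \vDash r = s$.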

Proof. The right-to-left implication is immediate since an interpretation with finite sup- 
port is an interpretation. 

For the left-to-right implication we prove the contrapositive. Suppose $T \nvDash r = s$.
So there is an interpretation $\mathcal{H}$ such that $\mathcal{H} \vDash T$ and a valuation $\varsigma$ to $\mathcal{H}$ such that

Choose any $m \in |\mathbb{L}^{<}|$. By part 2 of Proposition 6.3 $[m]\mathcal{H} \vDash T$. By part 1 of Proposition 6.3 $[m]\mathcal{H} \nvDash r = s$, and by Lemma 6.4 we are done. □

Permissive-nominal algebra is sound and complete with respect to permissive-nominal
models (the proof is by a Herbrand construction; see [Gab12, Subsection 7.5]). So the
relevance of Theorem 6.8 is to give completeness also with respect to interpretations
with finite support.

7. Permissive-nominal logic

Permissive-nominal logic (PNL) extends signatures with proposition-formers $P$ with
arity $\alpha$. It is 'first-order logic over (permissive-)nominal terms'.

Full details can be found in [DG10, DG11] or [Gab12, Section 9]. Here, we only give
the necessary outline.

7.1. Sketch of permissive-nominal logic 
Definition 7.1. PNL propositions are defined by

$$\phi, \psi ::= \bot \mid \phi \Rightarrow \psi \mid \forall X.\phi \mid P(r)$$

where we insist that $r : \alpha$ (where $\alpha$ is the arity of $P$).

Definition 7.2. If $X$ is a nominal set and $U \subseteq |X|$ call $U$ equivariant when $x \in U \Leftrightarrow \pi \cdot x \in U$ for all $x \in |X|$ and all permutations $\pi$. 6

Definition 7.3 corresponds to e.g. [DG10, Definition 5.11]. 

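Definition 7.3. An interpretation $\mathcal{H}$ maps a term to an element of a permissive-nominal
set as in Definition 3.13, and maps each $P$ to an equivariant subset $P^{\mathcal{H}} \subseteq [\![\alpha]\!]^{\mathcal{H}}$.

This extends to propositions $\phi$ just as in first-order logic where $[\![\phi]\!]^{\mathcal{H}}_{\varsigma}$ is a truth-value
$\top$ or $\bot$, as follows:

• $[\![\bot]\!]^{\mathcal{H}}_{\varsigma}$ (the syntax) is equal to $\bot$ (the truth-value).

• The PNL of [DG10, DG11, Gab12] is classical, so $[\![\phi \Rightarrow \psi]\!]^{\mathcal{H}}_{\varsigma}$ is interpreted as 'not $[\![\phi]\!]^{\mathcal{H}}_{\varsigma}$ or $[\![\psi]\!]^{\mathcal{H}}_{\varsigma}$'.

• $[\![P(r)]\!]^{\mathcal{H}}_{\varsigma}$ is equal to '$[\![r]\!]^{\mathcal{H}}_{\varsigma}$ is an element of $P^{\mathcal{H}}$'.

• The only non-obvious case is the universal quantifier, which gets a denotation as
follows:

$$[\![\forall X.\phi]\!]^{\mathcal{H}}_{\varsigma} = \bigwedge\{[\![\phi]\!]^{\mathcal{H}}_{\varsigma[X:=x]} \mid x \in [\![\mathit{sort}(X)]\!]^{\mathcal{H}},\ \mathit{supp}(x) \subseteq \mathbb{A}^{<}\}$$

This is non-obvious because the $\forall X$ in $\forall X.\phi$ quantifies only over $x$ with support
in $\mathbb{A}^{<}$. More discussion on this in the Conclusions.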

7.2. Three notions of validity in denotations 

Three distinct notions of validity will interest us. They are parameterised by 'how 
many atoms' they allow in support. This is Definition 7.6; to express it, we need Defini- 
tion 7.4. 

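Definition 7.4. For each $i \in \mathbb{N}$ fix some set $\mathbb{A}^{\ll}_i \subseteq \mathbb{A}^{<}_i$ such that $\mathbb{A}^{\ll}_i$ and $\mathbb{A}^{<}_i \setminus \mathbb{A}^{\ll}_i$ are both
infinite. Write $\mathbb{A}^{\ll} = \bigcup_i \mathbb{A}^{\ll}_i$ and:

• Say that $x \in [\![\alpha]\!]^{\mathcal{H}}$ has medium support when $\mathit{supp}(x) \subseteq \pi \cdot \mathbb{A}^{\ll}$ for some $\pi$.

• Say that $\mathcal{H}$ has medium support when for every sort $\alpha$ and every $x \in [\![\alpha]\!]^{\mathcal{H}}$, $x$ has
medium support.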



6 This notion of equivariance coincides with that of Definition 3.9, if we consider $U$ as a function to truth-values $\{\top, \bot\}$, such that $\pi \cdot \top = \top$ and $\pi \cdot \bot = \bot$ for all $\pi$.




Remark 7.5. The point of Definition 7.4 is that $x$ with medium support may have infinite
support, but this support cannot exhaust the atoms in $\mathbb{A}^{<}$. But did we not see this
already in Definition 2.2 when we split $\mathbb{A}$ into $\mathbb{A}^{<}$ and $\mathbb{A}^{>}$? Yes, but PNL has a $\forall X$, so
that now (unlike in permissive-nominal algebra) we have to worry
about exhausting all the atoms in $\mathbb{A}^{<}$ within nested quantifiers. To see this idea made
concrete, consider the proof of Proposition 7.7.

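Definition 7.6.

• Write $\vDash \phi$ to mean that $\mathcal{H}, \varsigma \vDash \phi$ for every interpretation $\mathcal{H}$ and
valuation $\varsigma$ to $\mathcal{H}$.

• Write $\vDash_{\ll} \phi$ to mean that $\mathcal{H}, \varsigma \vDash \phi$ for every interpretation $\mathcal{H}$ with medium
support and valuation $\varsigma$ to $\mathcal{H}$.

• Write $\vDash_{\mathit{fin}} \phi$ to mean that $\mathcal{H}, \varsigma \vDash \phi$ for every interpretation $\mathcal{H}$ with finite support
and valuation $\varsigma$ to $\mathcal{H}$.

Proposition 7.7. $\vDash \phi$ implies $\vDash_{\ll} \phi$. The reverse implication does not necessarily hold.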

Proof. The first part is immediate since an interpretation with medium support is also 
an interpretation. 

For the second part it suffices to provide a counterexample. Suppose a base sort
$\tau$ and name sort $\nu$ and variables $X : \tau$ and $Y : \nu$. Suppose a predicate $\# : (\nu, \tau)$ with
intended meaning 'is fresh for'/'is not in the support of'. Consider the formula $\phi = \forall X.\exists Y.Y \# X$.
Then $\vDash_{\mathit{fin}} \phi$ and $\vDash_{\ll} \phi$, but not $\vDash \phi$; it might be that $\varsigma(X) = l$ where $l$ lists
all atoms in $\mathbb{A}^{<}$, so there exists no atom in $\mathbb{A}^{<}$ (by Definition 7.3, $Y$ ranges over atoms in
$\mathbb{A}^{<}$) that is not in $\mathit{supp}(l)$. □

The rest of this section is devoted to proving that $\vDash_{\ll} \phi$ if and only if $\vDash_{\mathit{fin}} \phi$ (Theorem 7.15).
We discuss the relevance of these results in Subsection 7.4.

7.3. Finite support denotations from medium support denotations 

Notation 7.8. For the rest of this section, we will take l* from Definition 4.1 to enumerate
$\mathbb{A}^{\ll}$. We write the $\mathbb{L}$ generated by Definition 4.1 as $\mathbb{L}^{\ll}$.

Definition 7.9. Given a PNL interpretation $\mathcal{H}$ with medium support and a list $m \in |\mathbb{L}^{\ll}|$,
generate a PNL interpretation $[m]\mathcal{H}$ by extending Definition 4.15 such that

$$P^{[m]\mathcal{H}} = \{[l]x \mid x \in P^{\mathcal{H}},\ l \in |\mathbb{L}^{\ll}|\}.$$



Where does the $m$ in $[m]\mathcal{H}$ appear on the right-hand side here? It does not: $m$ is
only used to reduce the support of the interpretations of constant symbols; see Definition 4.15.
PNL only allows equivariant (Definition 7.2) interpretation of proposition-formers.
If we considered a flavour of PNL in which proposition-formers could receive
non-equivariant interpretation (so that in the syntax we would allow terms of the form
$(\pi \cdot P)(r)$), then Definition 7.9 would mention $m$ on the right. This makes no difference
to expressivity since we can emulate the effect of a non-equivariant proposition-former
using $P(C, r)$. Our design follows the path of the simplest definitions and proofs.

Lemma 7.10. Every $[l]x \in [\![\alpha]\!]^{[m]\mathcal{H}}$ has finite support.

Proof. As for Lemma 6.4, but now using Notation 7.8 and our assumption that $x \in [\![\alpha]\!]^{\mathcal{H}}$
has medium support. □




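Definition 7.11. Extend $\mathit{atoms}(r)$ (Definition 5.1) to propositions $\mathit{atoms}(\phi)$ inductively
by:

$$\begin{aligned}
\mathit{atoms}(\bot) &= \varnothing \\
\mathit{atoms}(\phi \Rightarrow \psi) &= \mathit{atoms}(\phi) \cup \mathit{atoms}(\psi) \\
\mathit{atoms}(P(r)) &= \mathit{atoms}(r) \\
\mathit{atoms}(\forall X.\phi) &= \mathit{atoms}(\phi)
\end{aligned}$$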



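Lemma 7.12 extends Proposition 5.6 to predicates, and is needed for Proposition 7.14.
Recall from Definition 5.5 the definition of $\pi \circ \varsigma$:

Lemma 7.12. Suppose $\varsigma$ is a valuation to an interpretation $\mathcal{H}$. Suppose $\phi$ is a predicate and $\pi$
a permutation such that $\mathit{nontriv}(\pi) \subseteq \mathbb{A}^{<}$ and $\mathit{nontriv}(\pi) \cap \mathit{atoms}(\phi) = \varnothing$.
Then $[\![\phi]\!]^{\mathcal{H}}_{\pi \circ \varsigma} = [\![\phi]\!]^{\mathcal{H}}_{\varsigma}$.

Proof. By a routine induction on $\phi$. We consider two cases:

• The case of $P(r)$. By definition $[\![P(r)]\!]^{\mathcal{H}}_{\varsigma} = \top$ if and only if $[\![r]\!]^{\mathcal{H}}_{\varsigma} \in P^{\mathcal{H}}$. By Proposition 5.6
$[\![r]\!]^{\mathcal{H}}_{\pi \circ \varsigma} = \pi \cdot [\![r]\!]^{\mathcal{H}}_{\varsigma}$. By assumption $P^{\mathcal{H}}$ is equivariant (Definition 7.2).

• The case of $\forall X.\phi$.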

[VX<^ = A{Mt^)[x«] I * G [sortpQf, ^(a) C A< } 
= A{M^)pr^] I * G [«ort(-X:)]r, C A< } 

= A{[</C kM I x G [sortpC^, SM ^(x) C A< } 
= A{M^ : =,] I x G I«orf(JQ]r, aupp^) C A< } 
- lVX.0]f 

□ 

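Lemma 7.13. $\mathit{fa}(\phi) \subseteq \mathbb{A}^{<} \cup \mathit{atoms}(\phi)$ and $\mathit{fa}(r) \subseteq \mathbb{A}^{<} \cup \mathit{atoms}(r)$.

Proof. By a routine induction on Definitions 5.1 and 7.11 and by a routine calculation
using part 2 of Theorem 4.14 for the base case of $\pi \cdot X$. □

Proposition 7.14. Suppose $\phi$ is a proposition, $\mathcal{H}$ is a PNL interpretation with medium support
(Definition 7.4), and $\varsigma$ is a valuation to $\mathcal{H}$. Suppose $A \subseteq \mathbb{A}$ is a finite set of atoms such that
$\mathit{atoms}(\phi) \subseteq A$, and suppose $l \in |\mathbb{L}^{\ll}|$ and $\mathit{supp}(l) \cap A = \varnothing$.
Then $\mathcal{H}, \varsigma \vDash \phi$ if and only if $[l]\mathcal{H}, [l]\varsigma \vDash \phi$.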

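Proof. By induction on $\phi$. We consider a selection of cases:

• The case of $P(r)$. We consider the two implications separately.

($\Leftarrow$) Suppose $[l]\mathcal{H}, [l]\varsigma \vDash P(r)$. This means that $[\![r]\!]^{[l]\mathcal{H}}_{[l]\varsigma} \in P^{[l]\mathcal{H}}$. By Theorem 5.2
$[\![r]\!]^{[l]\mathcal{H}}_{[l]\varsigma} = [l][\![r]\!]^{\mathcal{H}}_{\varsigma}$ (note that $\mathit{atoms}(P(r)) = \mathit{atoms}(r)$), and so by Definitions 7.9
and 4.3 $\pi' \cdot [\![r]\!]^{\mathcal{H}}_{\varsigma} \in P^{\mathcal{H}}$ for some $\pi' \in \mathit{fix}(\mathit{supp}([\![r]\!]^{\mathcal{H}}_{\varsigma}) \setminus \mathit{supp}(l))$. By equivariance of
$P^{\mathcal{H}}$ it immediately follows that $[\![r]\!]^{\mathcal{H}}_{\varsigma} \in P^{\mathcal{H}}$ and so that $\mathcal{H}, \varsigma \vDash P(r)$.

($\Rightarrow$) Now suppose $\mathcal{H}, \varsigma \vDash P(r)$, so that by definition $[\![r]\!]^{\mathcal{H}}_{\varsigma} \in P^{\mathcal{H}}$. As in the
previous paragraph by Theorem 5.2 $[l][\![r]\!]^{\mathcal{H}}_{\varsigma} = [\![r]\!]^{[l]\mathcal{H}}_{[l]\varsigma}$. It follows by Definition 7.11
that $[\![r]\!]^{[l]\mathcal{H}}_{[l]\varsigma} \in P^{[l]\mathcal{H}}$.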
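
• The case of $\forall X.\phi$. Again we consider the two implications separately:

($\Leftarrow$) Suppose $\mathcal{H}, \varsigma \nvDash \forall X.\phi$. Unpacking definitions, this means there is some

$x \in |[\![\mathit{sort}(X)]\!]^{\mathcal{H}}|$ with $\mathit{supp}(x) \subseteq \mathbb{A}^{<}$ and $\mathcal{H}, \varsigma[X:=x] \nvDash \phi$.

By inductive hypothesis $[l]\mathcal{H}, [l](\varsigma[X:=x]) \nvDash \phi$. We can use Lemma 5.4 to write
$[l](\varsigma[X:=x])$ as $([l]\varsigma)[X:=[l]x]$. Furthermore, by assumption $\mathit{supp}(x) \subseteq \mathbb{A}^{<}$ so by
Lemma 4.6 $\mathit{supp}([l]x) \subseteq \mathbb{A}^{<} \setminus \mathit{supp}(l) \subseteq \mathbb{A}^{<}$. It follows by Definition 7.3 that

($\Rightarrow$) Suppose $[l]\mathcal{H}, [l]\varsigma \nvDash \forall X.\phi$. Unpacking Definition 7.3 this means there are

$x' \in |[\![\mathit{sort}(X)]\!]^{\mathcal{H}}|$ and $l' \in |\mathbb{L}^{\ll}|$ such that

$\mathit{supp}([l']x') \subseteq \mathbb{A}^{<}$ and $[l]\mathcal{H}, ([l]\varsigma)[X:=[l']x'] \nvDash \phi$.

If $\mathit{supp}([l']x') \cap \mathit{supp}(l) = \varnothing$ then we may use Lemma 4.8 and write $[l']x'$ as
$[l](([l']x')@l)$ and deduce by inductive hypothesis that $\mathcal{H}, \varsigma \nvDash \phi$.

Otherwise, we choose some $\pi'$ that maps $\mathit{supp}([l']x') \cap \mathit{supp}(l) \neq \varnothing$ to a set of atoms
in $\mathbb{A}^{<}$ that is disjoint from $\mathit{supp}(l) \cup \mathit{atoms}(\phi)$, and $\pi'$ fixes all other atoms. This is
possible because by construction $\mathit{supp}([l']x')$ is finite and $\mathbb{A}^{<} \setminus (\mathit{supp}(l) \cup \mathit{atoms}(\phi))$
is infinite (recall that $\mathbb{A}^{<} \setminus \mathbb{A}^{\ll}$ is assumed infinite). Using Lemma 7.12

$[l]\mathcal{H}, ([l]\varsigma)[X:=\pi' \cdot ([l']x')] \nvDash \phi$.
We now proceed as in the case where $\mathit{supp}([l']x') \cap \mathit{supp}(l) = \varnothing$.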

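• The case of $\phi \Rightarrow \psi$. Suppose $\mathcal{H}, \varsigma \vDash \phi \Rightarrow \psi$. This means that $\mathcal{H}, \varsigma \nvDash \phi$ or $\mathcal{H}, \varsigma \vDash \psi$.
By inductive hypothesis this is if and only if $[l]\mathcal{H}, [l]\varsigma \nvDash \phi$ or $[l]\mathcal{H}, [l]\varsigma \vDash \psi$. In
either case $[l]\mathcal{H}, [l]\varsigma \vDash \phi \Rightarrow \psi$, and we are done.

□

Theorem 7.15. $\vDash_{\mathit{fin}} \phi$ if and only if $\vDash_{\ll} \phi$.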

Proof. The right-to-left implication is immediate, just as in Theorem 6.8. The left-to-right 
implication follows using Proposition 7.14 and Lemma 7.10. □ 

7.4. Relevance of the theorem 

It will help to establish some new terminology: 
Notation 7.16. Suppose $X$ is a set with a permutation action and $x \in |X|$.

• Say the element $x \in |X|$ is finite-namespace when $\mathit{supp}(x)$ is finite. Similarly say
$X$ is finite-namespace when every $x \in |X|$ has finite support.

This is synonymous with $X$ being a nominal set in the sense of [GP01]; cf. also
Definition 6.6.

• Say $x$ is $\mathbb{A}^{\ll}$-namespace when $\mathit{supp}(x) \subseteq \pi \cdot \mathbb{A}^{\ll}$ for some $\pi$. Similarly say that $X$ is
$\mathbb{A}^{\ll}$-namespace when every $x \in |X|$ is $\mathbb{A}^{\ll}$-namespace.

This is synonymous with medium support from Definition 7.4.

• Say $x$ is $\mathbb{A}^{<}$-namespace when $\mathit{supp}(x) \subseteq \pi \cdot \mathbb{A}^{<}$ for some $\pi$. Similarly say that $X$ is
$\mathbb{A}^{<}$-namespace when every $x \in |X|$ is $\mathbb{A}^{<}$-namespace.

This is synonymous with $X$ being a permissive-nominal set in the sense of Definition 2.7
or [Gab12].

Similarly we will call interpretations finite-namespace, $\mathbb{A}^{\ll}$-namespace, and $\mathbb{A}^{<}$-namespace
in accordance with the support of their underlying sets.

The relevance of Theorem 7.15 is that a PNL predicate is valid over $\mathbb{A}^{\ll}$-namespace
interpretations if and only if it is valid over finite-namespace interpretations. 7

The PNL of [DG10, DG11, Gab12] has a sequent system giving a notion of logical
entailment which is proved sound and complete for $\vDash$, that is, for the collection of
$\mathbb{A}^{<}$-namespace interpretations. This differs from the validity $\vDash_{\ll}$, which is validity over
$\mathbb{A}^{\ll}$-namespace interpretations (those with medium support). This is a more restricted
class of models.

Medium support is a new idea to the theory of PNL. When models are restricted, 
more statements become valid (usually). In this case we get a family of theorems, which 
is exemplified by Proposition 7.7. It remains to devise a complete proof system for PNL 
over medium support. 

We would not speculate on whether large or medium support is 'better'; we suspect 
that the situation is similar to the intuitionistic/ classical question of whether to allow 
double negation elimination: sometimes we may want it and sometimes we may not. 

The value of Theorem 7.15 is that it tells us that $\mathbb{A}^{\ll}$ is as small as we need go in
exploring validity: restricting models of PNL further to smaller namespaces, and in 
particular to finite support, will not give us any extra valid propositions. As we shall 
argue in the Conclusions, working with sets with infinite support is often easier than 
working with sets with finite support, so this matters. 

And note the obvious: once we carried out our constructions and applied them to 
permissive-nominal algebra, we could re-use them for permissive-nominal logic with a 
relatively slight effort of two pages of mathematics in Subsection 7.3. 

8. More permission sets, more permutations 

In Definition 2.5 we followed [Gab12] and took permission sets to be sets of the
form $\pi \cdot \mathbb{A}^{<}$. This captures a simple assertion language about the atoms permitted in
unknowns. The results in this paper are sensitive to the expressivity of this language: if
we make it slightly more powerful then the results in this paper fail.

8.1. More permission sets

If we follow e.g. [DGM10] and take permission sets to be sets of the form $(\mathbb{A}^{<} \setminus A) \cup B$
where $A \subseteq \mathbb{A}^{<}$ and $B \subseteq \mathbb{A}^{>}$ are finite, then the results in this paper fail.

This genuinely enlarges the set of permission sets (and so makes the assertion language
which they represent more expressive). For instance, if $b \in \mathbb{A}^{>}$ then there is no
finite permutation $\pi$ such that $\pi \cdot \mathbb{A}^{<} = \mathbb{A}^{<} \cup \{b\}$.

Notation 8.1. Write V for the set of all sets of atoms differing finitely from A< as just 
described. 



7 For comparison, nominal logic does not have this property [Pit03]: there are nominal logic predicates that
are valid of all finite-namespace interpretations but not of all $\mathbb{A}^{\ll}$-namespace interpretations (and thus also not
valid of all $\mathbb{A}^{<}$-namespace interpretations). Nominal logic, of course, is a first-order theory; an axiomatisation
in first-order logic similar to the axiomatisation of Fraenkel-Mostowski sets from which it is descended. What
makes the languages of this paper different is that they are purpose-built using the dedicated new syntax of
(permissive-)nominal terms.

Proposition 8.2. There exists a theory $T$ in permissive-nominal algebra with permission sets
from V, and an assertion $r' = s'$ in that theory, such that $T \vDash_{\mathit{fin}} r' = s'$ and $T \nvDash r' = s'$ (where
models are permissive-nominal sets with permission sets in V).

Proof. Assume one base type $\tau$ and one term former $0 : \tau$ with $\mathit{pmss}(0) = \varnothing$. Assume
an axiom $X = 0$ where $\mathit{fa}(X) = \mathbb{A}^{<}$. Assume an unknown $Z$ with $\mathit{sort}(Z) = \tau$ and
$\mathit{fa}(Z) = \mathbb{A}^{<} \cup \{b\}$ where $b \in \mathbb{A}^{>}$. Then:

• $T \vDash_{\mathit{fin}} Z = 0$.

For suppose $\mathcal{H}$ is an interpretation of $T$ with finite support: then for any $x \in [\![\tau]\!]^{\mathcal{H}}$,
there is some finite $\pi$ with $\mathit{supp}(\pi \cdot x) \subseteq \mathbb{A}^{<}$, hence by our single axiom $\pi \cdot x = 0$ and
by equivariance $x = \pi^{-1} \cdot 0 = 0$, since $0$ has empty support.

• However, $T \nvDash Z = 0$.

To see this, interpret $\tau$ to be the set $\{\pi \cdot (\mathbb{A}^{<} \cup \{b\}) \mid \pi \text{ finite}\} \cup \{0\}$, interpret $0$ by
$0$, and take $\varsigma(Z) = \mathbb{A}^{<} \cup \{b\}$.

□ 

Initially we used V; notably in [DG10, DGM10, DG11]. However, in later papers
such as [Gab12] we preferred the design of Definition 2.5 because it seemed to make
some proofs easier to express. In the light of the results of this paper we can now better
understand the significance of our design choices: Proposition 8.2 suggests that our
design in Definition 2.5 is mathematically more elementary and somewhat closer to the
design 'nominal terms + finitely-supported nominal sets' from the previous literature.
That is, the design of Definition 2.5 and [Gab12] is the closest 'permissive' version of
traditional nominal techniques, and the design of [DG10, DGM10, DG11] is slightly but
measurably more expressive.

8.2. shift-permutations 

In the presence of infinite permutations, the results in this paper fail. We sketch the 
mathematics involved, starting with a justification of why infinite permutations are an 
interesting case to consider. 

For simplicity assume a single sort of atom. 

Definition 8.3. Suppose $a \in \mathbb{A}^{<} = \{a, a_{-1}, a_{-2}, a_{-3}, \ldots\}$ and $\mathbb{A}^{>} = \{a_1, a_2, a_3, \ldots\}$.

Assume a bijection $\delta$ on atoms mapping $\mathbb{A}^{<}$ to $\mathbb{A}^{<} \setminus \{a\}$ and such that $\mathbb{A} \setminus \mathit{nontriv}(\pi)$
is infinite (we can do this because we assumed that $\mathbb{A}$ is countable).

We illustrate an example:

[Figure: illustration of $\delta$ on the atoms $\ldots, a_{-2}, a_{-1}, a, a_1, a_2, \ldots$]

Call $\delta$ a shift-permutation.

$\delta$ has a measurable and favourable effect on the mathematics and algorithmics of
nominal syntax. For instance:

• 8 nontrivially increases the deductive power of VA in PNL [DG11, Subsection 2.7]. 

If fa(X) = A< where a E A< then VA.R(A, X) does not entail R((X,a), (X, a)) 
without S, but it does entail R((A, a), (A, a)) with 5 (for R having an appropriate ar- 
ity). This extra power is irrelevant if we only care about finitely-supported models, 
which is why the issue has not arisen in previous work. 
• shift-permutations can be used to obtain a particularly concise unification algorithm
[Gab12, Section 4].

For more discussion see [Gab12, Subsection 3.6].

This extra power is not particularly expensive: we can do what we are used to in
nominal techniques, in the presence of $\delta$. Indeed, the results of [Gab12] are parameterised
over a permutation group general enough to admit $\delta$ because this was easier
than excluding it. In particular the specific design of the nominal unification algorithm
and HSP result there, are shorter and simpler because of their use of $\delta$.

However, in the presence of $\delta$ the results of this paper fail. Proposition 8.5 gives an
example of a signature for which permissive-nominal algebra $\vDash$ (all permissive-nominal
models) is complete, but $\vDash_{\mathit{fin}}$ (models with finite support) are not. In order to state this
result we must 'upgrade' the material in this paper with $\delta$.

Definition 8.4. To augment Sections 2 and 3 with a shift permutation $\delta$, we proceed as
follows:

1. In Definition 2.3 permutations are finitely generated by swappings and $\delta$ (they
remain finitely representable, but $\mathit{nontriv}(\pi)$ is now not always finite).

Write $P_{\delta}$ for the group of bijections generated by swappings and $\delta$.

2. In Definition 2.6 assume the permutation action has type $(P_{\delta} \times |X|) \to |X|$. So
permissive-nominal sets have an action by swappings and $\delta$.

3. In Definition 2.6 we say that $A \subseteq \mathbb{A}$ supports $x \in |X|$ when for every permutation
$\pi \in P_{\delta}$, if $\pi(a) = a$ for all $a \in A$ then $\pi \cdot x = x$. 8

4. In the examples of Subsection 2.3 extend for the extra permutations in the natural
way. So $\pi \cdot a = \pi(a)$ for $\pi \in P_{\delta}$ and $\pi \cdot [a]x = [\pi(a)]\pi \cdot x$ for $\pi \in P_{\delta}$.

5. In Definition 3.3 extend terms also with the extra permutations. So $\pi \cdot X$ is a term
for $\pi \in P_{\delta}$. The permutation action Definition 3.4 extends in the natural way.

6. We extend the notion of equivariance (Definition 3.9) with the extra permutations.
So $F$ is equivariant when $F(\pi \cdot x) = \pi \cdot F(x)$ for all permutations $\pi \in P_{\delta}$ and $x \in |X|$. 9

Proposition 8.5. There exists a theory $T$ in permissive-nominal algebra with $\delta$, and an assertion
$r' = s'$ in that theory, such that $T \vDash_{\mathit{fin}} r' = s'$ and $T \nvDash r' = s'$ (where models are
permissive-nominal sets with $\delta$).

Proof. Assume no term-formers and one base type $\tau$. Assume $a \in \mathbb{A}^{<}$ and a shift permutation
$\delta$ bijecting $\mathbb{A}^{<}$ with $\mathbb{A}^{<} \setminus \{a\}$, as illustrated just after Definition 8.3.
Assume an axiom $(b\ a) \cdot X = X$ where $b \notin \mathbb{A}^{<}$. Then:

• If $\mathcal{H}$ is a model of $T$ with finite support then $\mathit{supp}(x) = \varnothing$ for every $x \in [\![\tau]\!]^{\mathcal{H}}$.
For suppose there exists $x$ with $\mathit{supp}(x) \neq \varnothing$. By equivariance we may (apply a
permutation to $x$ to) assume without loss of generality that $a, b \notin \mathit{supp}(x)$.



8 This is a little stronger than we need. We could also retain the condition that $\pi$ be finite in the definition
of supporting set, so we say that $A \subseteq \mathbb{A}$ supports $x \in |X|$ when for every finite permutation $\pi \in P_{\mathit{fin}}$ (so no
$\delta$), if $\pi(a) = a$ for all $a \in A$ then $\pi \cdot x = x$. We only ever $\alpha$-convert by finitely many atoms in this paper, so the
proofs remain unchanged.

What does happen is that we admit models with elements which are fixed by finite permutations, but
perhaps not by $\delta$. For more on this design see [DG11], in particular Remark 3.3.

9 We then call the notion of equivariance from Definition 3.9 finite equivariance. It is possible to be equivariant
for finite permutations but not for $\delta$. The proof of Proposition 8.5 will depend on this.

Now choose some $a' \in \mathit{supp}(x)$ and choose some $\pi$ mapping $\mathit{supp}(x)$ to a subset
of $\mathbb{A}^{<}$ and such that specifically $\pi(a') = a$. By our axiom, $(b\ a) \cdot (\pi \cdot x) = \pi \cdot x$. It
follows by calculations on permutations that $(b\ a') \cdot x = x$ and so by Corollary 2.11
that $a' \notin \mathit{supp}(x)$, a contradiction.
Thus, $T \vDash_{\mathit{fin}} \delta \cdot Y = Y$.

• $T \nvDash \delta \cdot Y = Y$. To see this consider the elements $x_i = \{(\pi \circ \delta^i) \cdot \mathbb{A}^{<} \mid \pi \text{ finite}\}$ with
the pointwise action, for every $i \in \mathbb{Z}$ (where $\mathbb{Z}$ is the integers; see Definition 2.1).
It is a fact that $(b\ a) \cdot x_i = x_i$, but it is also a fact that $\delta \cdot x_i = x_{i+1} \neq x_i$. We interpret
$\tau$ to be the set $\{x_i \mid i \in \mathbb{Z}\}$ and see that $(b\ a) \cdot x_i = x_i$ for every $i$ so the axiom
$(b\ a) \cdot X = X$ is valid, but $\delta \cdot x_0 \neq x_0$ so $T \nvDash \delta \cdot X = X$.

This observation is exactly the fuzzy support noted in [Gab07], see also Remark 3.3
from [DG11].

□ 
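
The second half of the proof of Proposition 8.5 can be checked on finite samples. The following is an added illustration, not part of the paper: atoms are modelled as integers with A< = {..., -1, 0} and a = 0, and δ is assumed to shift even atoms down by two and fix odd atoms (one concrete choice that maps A< onto A< \ {a} and fixes infinitely many atoms). The function names and the 'index' invariant (atoms missing from A< minus atoms added from A>) are constructions of this example.

```python
from itertools import product

# Assumed model (not from the paper): atoms are integers, A< = {..., -1, 0},
# A> = {1, 2, ...}, and the distinguished atom a is 0.
def in_lower(z):
    return z <= 0

def delta(z):
    # Assumed shift: even atoms move two steps down, odd atoms are fixed,
    # so delta maps A< onto A< \ {0} and fixes infinitely many atoms.
    return z - 2 if z % 2 == 0 else z

def delta_inv(z):
    return z + 2 if z % 2 == 0 else z

# A set S differing finitely from A< is stored as (missing, extra), where
# missing = A< \ S and extra = S \ A< are both finite.
BASE = (frozenset(), frozenset())                # A< itself
DELTA_BASE = (frozenset({0}), frozenset())       # delta . A< = A< \ {0}
DELTA_INV_BASE = (frozenset(), frozenset({2}))   # delta^-1 . A< = A< u {2}

def member(s, z):
    missing, extra = s
    return z in extra or (in_lower(z) and z not in missing)

def act(f, f_base, s):
    """Image of s under the bijection f, where f_base represents f . A<."""
    f_missing = {f(z) for z in s[0]}
    f_extra = {f(z) for z in s[1]}
    # Outside these finitely many atoms the image agrees with A<.
    touched = set(f_base[0]) | set(f_base[1]) | f_missing | f_extra

    def in_image(z):
        return z in f_extra or (member(f_base, z) and z not in f_missing)

    return (frozenset(z for z in touched if in_lower(z) and not in_image(z)),
            frozenset(z for z in touched if not in_lower(z) and in_image(z)))

def act_swap(p, q, s):
    """Action of the swapping (p q), a finite permutation."""
    lo, hi = min(p, q), max(p, q)
    same_side = in_lower(lo) == in_lower(hi)
    base = BASE if same_side else (frozenset({lo}), frozenset({hi}))
    return act(lambda z: q if z == p else p if z == q else z, base, s)

def act_delta(s):
    return act(delta, DELTA_BASE, s)

def delta_power(i):
    """The representative delta^i . A< of the orbit x_i."""
    s = BASE
    for _ in range(abs(i)):
        s = act_delta(s) if i > 0 else act(delta_inv, DELTA_INV_BASE, s)
    return s

def index(s):
    # Unchanged by swappings, raised by one by delta, so it separates
    # the orbits x_i from one another.
    return len(s[0]) - len(s[1])

def check_counterexample(max_i=3, atoms=range(-4, 5)):
    """True when, on the sampled data, every swapping (including (b a) with
    a = 0 and b > 0) keeps delta^i . A< inside x_i, while delta moves it
    into x_{i+1}."""
    for i in range(-max_i, max_i + 1):
        rep = delta_power(i)
        if index(rep) != i or index(act_delta(rep)) != i + 1:
            return False
        for p, q in product(atoms, repeat=2):
            if index(act_swap(p, q, rep)) != i:
                return False
    return True

if __name__ == "__main__":
    print(check_counterexample())
```
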

Remark 8.6. Where do the proofs fail? Failure occurs in the interaction of atoms (r) 
(Definition 5.1) with Theorem 5.2. 

The reasonable definition for $\mathit{atoms}(\delta \cdot X)$ is $\mathit{nontriv}(\delta) / \mathbb{A}^{<}$, which is infinite. This
gives us infinitely many atoms to avoid in order to guarantee $\mathit{atoms}(r) \cap \mathit{supp}(l) = \varnothing$ in
Theorem 5.2. Thus, $\mathit{supp}([l][\![r]\!]^{\mathcal{H}}_{\varsigma})$ need not be finite.

As a corollary we can clarify something that is evident but only semi-formal in previous
work: permissive-nominal terms with $\delta$ are strictly more expressive than permissive-nominal
terms without $\delta$, and also strictly more expressive than 'ordinary' nominal
terms.

9. Conclusions 

We have seen permissive-nominal sets and how, given a permissive-nominal set $X$,
we can build a corresponding nominal set $[\mathbb{L}]X$ from $X$ by applying to each $x \in |X|$ an
infinite simultaneous atoms-abstraction abstracting all but finitely many of the atoms in
supp(x). We have used this to translate between interpretations with differently sized 
sets of support, and we have used this translation to translate between different notions 
of validity for permissive-nominal syntaxes. 

It can be easier to work with permissive-nominal models — even dramatically easier.
To see an example, compare the direct completeness proof for nominal algebra
with respect to finitely-supported models in [GM09] (subsections 4.3 and 4.4; over five
pages including a 'trick') with the completeness proof for the permissive-nominal algebra
used in this paper with respect to permissive-nominal models in [Gab12] (subsection 7.5;
under two pages, and the maths is straightforward). Even more extreme,
compare the proof of the Nominal HSPA theorem from [Gab09] (twenty-eight pages)
with the permissive-nominal HSP theorem from [Gab12] (five pages). 10

What this means is that — based on this author's experience — even if the reader is 
interested specifically in finitely-supported models, it might be shorter and cleaner to 
prove completeness with respect to some flavour of infinitely-supported permissive- 
nominal models first, and then to use this paper off-the-shelf. 



10 This is unfair. For instance, the five pages do not include setting up the syntax. Still, looking at the maths, 
a leap in difference in complexity is clear. 

de Bruijn indexes. The technical construction at the heart of this paper, $[\mathbb{L}]X$ from Definition 4.3,
is arguably reminiscent of de Bruijn indexes [dB72]. Given an $x \in |X|$ with
infinite support, we form $[l]x$ where $\mathit{supp}(x) \setminus \mathit{supp}(l)$ is finite. In doing this, we in effect
convert all but finitely many of the atoms in $\mathit{supp}(x)$ into numerical indexes, where $a$ is
identified by the position in $l$ at which it occurs (if any).

Of course this is not a literal replacement in x, since we assume no internal structure. 
But since nominal elements have names, binding these names in order corresponds to 
turning them into numerical indexes. An explicit connection is made in [Gab07, Sec- 
tion 4] as mentioned below. 

Infinite sets of atoms in the literature. The notions of infinite support, infinite lists of atoms, 
and infinite simultaneous atoms-abstraction were considered by the author in [Gab02, 
Gab07]. 

Translations between nominal abstract syntax, name-carrying syntax, and de Bruijn 
syntax were given in [Gab07, Section 4]. The precise definition used in this paper is dif- 
ferent and tailored to our intended application (we restrict to the subset of abstractions 
such that supp([l]x) is finite), and of course, we concentrate on things other than abstract 
syntax. 

The notion of not-necessarily-finite support was also raised in [Pit03], and Cheney 
took up the suggestion in [Che06]. The support ideals considered there are not quite the 
same as the permission sets considered here (for instance, permission sets in this paper 
are never finite, and the emphasis on well-orderings is absent in Cheney's work), but 
the spirit of the maths is similar. 

Implicit connection with unknowns. A non-evident connection exists between $[l]x$ and unknowns,
which this paper has not explored. In a separate paper we demonstrate how a
model of unknowns $X$ is given by infinite well-orderings of permission sets [Gab11b].
One way to view $[l]x$ is as '$x$ abstracted by an unknown $X$'.

Now L from Definition 4.1 is a single permutation orbit under finite permutations of 
some list of atoms. This author calls this a namespace — L is a namespace, that is, a 
set of sets of atoms (in order) obtained by permuting finitely many of them at a time. 
We go from X to [L]X essentially by abstracting a namespace, and because an unknown 
identifies a namespace, this can be read as a (level 1) abstraction of (the atoms in) a level 
2 variable. 

This paper does not make anything of these connections, but they exist in the back- 
ground. At some point, we hope to produce a broader account which will bring the 
threads in the various papers together and makes clearer the overall picture. For now, 
the results in this paper have independent interest as discussed above. 

shift-permutations. We concluded the technical part of this paper in Section 8 by discussing
shift-permutations. These infinite permutations are useful and mathematically
well-behaved, but they mark a point at which permissive-nominal techniques go strictly
beyond the expressivity of nominal techniques, and this is made formal: we saw in Section 8
how the results of Section 6 depend on permutations $\pi$ being finite and when we
include infinite permutations in syntax, the results begin to fail. This is reasonable and
as it should be.

So a lesson we can draw from this paper and from the translation in [DGM10, Section 4]
is this: permissive-nominal terms with finite permutations are essentially the
same thing as (but somewhat better-behaved than) 'ordinary' nominal terms;
permissive-nominal terms with possibly infinite permutations are different, and they are strictly
more expressive.

Non-equivariance of atoms. One curious aspect of our proofs is that the function $\mathit{atoms}$
from Definition 5.1, which plays a role in Section 5, is not invariant under $\alpha$-equivalence.
For instance, $\mathit{atoms}([a]X) = \{a\}$ and $\mathit{atoms}([b](b\ a) \cdot X) = \{b, a\}$ (where $a \in \mathbb{A}^{<}$ and
$b \in \mathbb{A}^{>}$).

It is shown in [Gab11b] and [Gab12] that valuations $\varsigma$ (Definition 3.12) can be thought
of as (finite-)equivariant maps out of moderated unknowns $\pi \cdot X$ considered as a
permissive-nominal set.

The non-equivariance of $\mathit{atoms}$ is an artefact of the fact that the syntax of this paper
amounts to choosing $\mathit{id} \cdot X$ as a representative of the permutation equivalence class
$\{\pi \cdot X \mid \pi \text{ a permutation}\}$. Permissive-nominal syntax is already non-equivariant,
because for each unknown-up-to-permutations we have chosen a canonical representative
$X$.

None of this matters for the proofs here, because we only care about avoiding cap- 
ture with finitely many atoms. 

Final words on set theory. The results of this paper are reminiscent of the upwards and
downwards Löwenheim-Skolem theorems, which express that a first-order theory cannot
'count' the cardinality of its infinite models [Hod93]. The construction of this paper
can be read as saying that first-order permissive-nominal syntax with finite permuta- 
tions cannot 'count' the cardinality of its supporting sets. 

We believe it would be fairly easy to strengthen and generalise this result to the 
following: first-order nominal syntax cannot 'count' the cardinality of the set of atoms or 
its supporting sets, so long as these are no smaller than the permutations in that syntax. 
Making this formal would require us to be just a little systematic but it should not be 
too hard using a free construction — and the syntax should be a natural generalisation 
sufficient to subsume permissive-nominal algebra and permissive-nominal logic. 

More generally, we can also ask how the group of permutations can be indepen- 
dently enlarged or restricted in syntax and in the denotation. For instance, in this paper 
we have considered syntax and semantics using the same group of permutations. But 
the semantics could allow more permutations than the syntax, e.g. we could allow shift 
in the denotation (this is useful to 'make support smaller' in some element), but not in 
the syntax (so that we might avoid the issues discussed in Subsection 8.2 and specifi- 
cally in Remark 8.6). In short, we see this paper as the first of a family of similar results 
which may become useful if and when further variations on logics based on nominal 
terms, and their models, are developed. We leave these thoughts to future work. 